diff --git a/src/wp-admin/includes/admin-filters.php b/src/wp-admin/includes/admin-filters.php
index ff9204f125..2f0e225781 100644
--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -58,7 +58,7 @@ add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 );
 add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
-add_filter( 'heartbeat_received', 'wp_refresh_post_nonces', 10, 3 );
+add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 );
 add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 40a3a9448b..77c32b05ed 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -2571,26 +2571,35 @@ function wp_ajax_send_link_to_editor() {
 * @since 3.6.0
 */
 function wp_ajax_heartbeat() {
- if ( empty( $_POST['_nonce'] ) )
+ if ( empty( $_POST['_nonce'] ) ) {
 wp_send_json_error();
-
- $response = array();
-
- if ( false === wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ) ) {
- // User is logged in but nonces have expired.
- $response['nonces_expired'] = true;
- wp_send_json($response);
 }
+ $response = $data = array();
+ $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );
+
 // screen_id is the same as $current_screen->id and the JS global 'pagenow'.
- if ( ! empty($_POST['screen_id']) )
+ if ( ! empty( $_POST['screen_id'] ) ) {
 $screen_id = sanitize_key($_POST['screen_id']);
- else
+ } else {
 $screen_id = 'front';
+ }
- if ( ! empty($_POST['data']) ) {
+ if ( ! empty( $_POST['data'] ) ) {
 $data = wp_unslash( (array) $_POST['data'] );
+ }
+ if ( 1 !== $nonce_state ) {
+ $response = apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id );
+
+ if ( false === $nonce_state ) {
+ // User is logged in but nonces have expired.
+ $response['nonces_expired'] = true;
+ wp_send_json( $response );
+ }
+ }
+
+ if ( ! empty( $data ) ) {
 /**
 * Filter the Heartbeat response received.
 *
@@ -2628,7 +2637,7 @@ function wp_ajax_heartbeat() {
 // Send the current time according to the server
 $response['server_time'] = time();
- wp_send_json($response);
+ wp_send_json( $response );
 }
 /**
diff --git a/src/wp-admin/includes/misc.php b/src/wp-admin/includes/misc.php
index 3f218fa799..3b6f050416 100644
--- a/src/wp-admin/includes/misc.php
+++ b/src/wp-admin/includes/misc.php
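Review bot: The `apply_filters( 'wp_refresh_nonces', $response, $data, $screen_id )` call runs before the `false === $nonce_state` branch returns, so every callback on that filter executes for a request whose heartbeat nonce failed verification, i.e. before any CSRF check has passed, and the hunk adds no hook docblock stating that contract. Callbacks may therefore only mint nonces for the already-authenticated user and must not change state; `wp_refresh_post_nonces` in the misc.php hunk below respects that today, but nothing warns the next callback author, and `$data` at that point is raw unslashed POST input. I would add the usual hook docblock above the `apply_filters()` line documenting `$response`, `$data` and `$screen_id`, with a sentence that the filter fires when the heartbeat nonce is in its second half (`2`) or has expired (`false`) and that callbacks must stay free of side effects. The body of wp_ajax_heartbeat continues past the end of this hunk.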
@@ -771,24 +771,24 @@ function wp_refresh_post_nonces( $response, $data, $screen_id ) {
 $received = $data['wp-refresh-post-nonces'];
 $response['wp-refresh-post-nonces'] = array( 'check' => 1 );
- if ( ! $post_id = absint( $received['post_id'] ) )
+ if ( ! $post_id = absint( $received['post_id'] ) ) {
 return $response;
-
- if ( ! current_user_can( 'edit_post', $post_id ) || empty( $received['post_nonce'] ) )
- return $response;
-
- if ( 2 === wp_verify_nonce( $received['post_nonce'], 'update-post_' . $post_id ) ) {
- $response['wp-refresh-post-nonces'] = array(
- 'replace' => array(
- 'getpermalinknonce' => wp_create_nonce('getpermalink'),
- 'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
- 'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
- '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
- '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
- ),
- 'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
- );
 }
+
+ if ( ! current_user_can( 'edit_post', $post_id ) ) {
+ return $response;
+ }
+
+ $response['wp-refresh-post-nonces'] = array(
+ 'replace' => array(
+ 'getpermalinknonce' => wp_create_nonce('getpermalink'),
+ 'samplepermalinknonce' => wp_create_nonce('samplepermalink'),
+ 'closedpostboxesnonce' => wp_create_nonce('closedpostboxes'),
+ '_ajax_linking_nonce' => wp_create_nonce( 'internal-linking' ),
+ '_wpnonce' => wp_create_nonce( 'update-post_' . $post_id ),
+ ),
+ 'heartbeatNonce' => wp_create_nonce( 'heartbeat-nonce' ),
+ );
 }
 return $response;
diff --git a/src/wp-admin/js/post.js b/src/wp-admin/js/post.js
index 9a2da29383..085c5d865a 100644
--- a/src/wp-admin/js/post.js
+++ b/src/wp-admin/js/post.js
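Review bot: With the `post_nonce` verification removed, the fresh `_wpnonce`, `heartbeatNonce` and permalink nonces are issued on `current_user_can( 'edit_post', $post_id )` alone, and because this callback now hangs off `wp_refresh_nonces` it can be reached while the heartbeat nonce has already expired, so no nonce proof of any kind gates it. That is defensible only because the nonces are bound to the requesting user's session and the JSON reply is not readable cross-origin, but the function's docblock (above the hunk) should say that the function runs without nonce protection and must never mutate anything. The guard also reads `$received['post_id']` without checking that `$received` is an array or that the key exists, so a malformed `wp-refresh-post-nonces` payload raises a notice before `absint()` sees it; `if ( ! is_array( $received ) || empty( $received['post_id'] ) || ! $post_id = absint( $received['post_id'] ) ) {` would keep the same outcome quietly. The `array_key_exists` test that wraps this block sits outside the hunk.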
@@ -170,13 +170,13 @@ $(document).on( 'heartbeat-send.refresh-lock', function( e, data ) {
 }
 $(document).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) {
- var nonce, post_id;
+ var post_id,
+ $authCheck = $('#wp-auth-check-wrap');
- if ( check ) {
- if ( ( post_id = $('#post_ID').val() ) && ( nonce = $('#_wpnonce').val() ) ) {
+ if ( check || ( $authCheck.length && ! $authCheck.hasClass( 'hidden' ) ) ) {
+ if ( ( post_id = $('#post_ID').val() ) && $('#_wpnonce').val() ) {
 data['wp-refresh-post-nonces'] = {
- post_id: post_id,
- post_nonce: nonce
+ post_id: post_id
 };
 }
 }
diff --git a/src/wp-includes/js/heartbeat.js b/src/wp-includes/js/heartbeat.js
index b4c8316780..9f0258238e 100644
--- a/src/wp-includes/js/heartbeat.js
+++ b/src/wp-includes/js/heartbeat.js
@@ -389,7 +389,6 @@
 if ( response.nonces_expired ) {
 $document.trigger( 'heartbeat-nonces-expired' );
- return;
 }
 // Change the interval from PHP
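Review bot: The widened condition `check || ( $authCheck.length && ! $authCheck.hasClass( 'hidden' ) )` depends on `check`, which is declared outside the hunk, and nothing in the handler says what either trigger means, so a reader cannot tell that a nonce refresh is now also requested whenever the re-login overlay is showing. I would add above the outer `if`: `// Request fresh post nonces when the heartbeat nonce is nearing expiry (check) or the auth-check overlay is visible.` The `$('#_wpnonce').val()` test no longer feeds a value into the request, so it only establishes that this screen carries a post nonce field; a short comment saying so stops the next reader from treating it as dead code. Querying `#wp-auth-check-wrap` on every send is presumably deliberate because the overlay is injected after page load; if so, note that too rather than leaving it to be hoisted. The handler's closing `});` lies outside the hunk.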